diff options
| author | Matt Caswell <matt@openssl.org> | 2015-04-28 15:28:23 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-04-30 23:27:07 +0100 |
| commit | 39b36cb438f7fba7dd3cce1d51d5c6c149f3e48d (patch) | |
| tree | efd1a0348e255ca34abc65c2f2e0ecbf3903f95f | |
| parent | 26800340dba2bf056d508007ee4d30e41d4e8f5f (diff) | |
Add sanity check to ssl_get_prev_session
Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5)
| -rw-r--r-- | ssl/ssl_sess.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 4c7f5d8b4e..eb7936b4e1 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -478,7 +478,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, int r; #endif - if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) + if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; if (session_id + len > limit) { |